GeneralInformation

Hostnames	panel.isvip.ir static.232.245.181.135.clients.your-server.de
Domains	isvip.ir your-server.de
Country	Finland
City	Helsinki
Organization	Hetzner Online GmbH
ISP	Hetzner Online GmbH
ASN	AS24940

WebTechnologies

JavaScript frameworks

JavaScript libraries

Miscellaneous

UI frameworks

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-45802	When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-31122	Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
CVE-2023-27522	HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
CVE-2023-25690	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
CVE-2023-2183	Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.
CVE-2023-1410	Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.
CVE-2023-0594	Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.
CVE-2023-0507	Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.
CVE-2022-39324	Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.
CVE-2022-39307	Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.
CVE-2022-39306	Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds.
CVE-2022-39229	Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`'s password won’t match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue.
CVE-2022-39201	Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.
CVE-2022-37454	The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
CVE-2022-37436	Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
CVE-2022-36760	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
CVE-2022-36062	Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.
CVE-2022-35957	Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/
CVE-2022-31813	7.5Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
CVE-2022-31630	In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
CVE-2022-31629	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31628	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2022-31626	6.0In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
CVE-2022-31625	6.8In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
CVE-2022-31130	Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.
CVE-2022-31123	Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.
CVE-2022-31107	Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.
CVE-2022-31097	Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.
CVE-2022-30556	5.0Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
CVE-2022-29404	5.0In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
CVE-2022-28615	6.4Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
CVE-2022-28614	5.0The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
CVE-2022-28330	5.0Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
CVE-2022-26377	5.0Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
CVE-2022-23943	7.5Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
CVE-2022-23552	Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix.
CVE-2022-22721	5.8If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2022-22720	7.5Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
CVE-2022-22719	5.0A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2022-21713	3.5Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-21703	6.8Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-21702	2.1Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.
CVE-2022-21673	3.5Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.
CVE-2021-44790	7.5A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CVE-2021-44224	6.4A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2021-43815	3.5Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.
CVE-2021-43813	4.0Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/./markdown/. without losing any functionality beyond inlined plugin help text.
CVE-2021-43798	7.5Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files
CVE-2021-41244	6.5Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.
CVE-2021-41174	4.3Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(‘alert(1)’)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.
CVE-2021-21708	6.8In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-8331	4.3In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2018-20677	4.3In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVE-2018-20676	4.3In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVE-2018-14042	4.3In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVE-2018-14040	4.3In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CVE-2017-9118	5.0PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2016-10735	4.3In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2013-4365	7.5Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2013-2765	5.0The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
CVE-2013-2220	7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
CVE-2013-0942	4.3Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0941	2.1EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
CVE-2012-4360	4.3Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4001	5.0The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
CVE-2012-3526	5.0The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
CVE-2011-2688	7.5SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2011-1176	4.3The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
CVE-2009-2299	5.0The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
CVE-2009-0796	2.6Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2007-4723	7.5Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
CVE-2007-3205	5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
CVE-2006-20001	A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

OpenPorts

21 25 53 80 110 143 443 465 587 993 995 3000 3001 3306 5432 8000 8080 8181 9000 9090 9100

-1536493902 | 2024-05-27T23:51:47.057648

21 / tcp

220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 03:20. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
530 Login authentication failed
214-The following SITE commands are recognized
 ALIAS
 CHMOD
 IDLE
 UTIME
214 Pure-FTPd - http://pureftpd.org/
211-Extensions supported:
 UTF8
 EPRT
 IDLE
 MDTM
 SIZE
 MFMT
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 PRET
 AUTH TLS
 PBSZ
 PROT
 TVFS
 ESTA
 PASV
 EPSV
 SPSV
 ESTP
211 End.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a9:7e:fa:be:99:86:5f:06
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=Guangdong, L=Dongguan, O=BT-PANEL, OU=BT, CN=135.181.245.232/emailAddress=admin@bt.cn
        Validity
            Not Before: Nov  3 06:55:54 2021 GMT
            Not After : Aug  3 06:55:54 2031 GMT
        Subject: C=CN, ST=Guangdong, L=Dongguan, O=BT-PANEL, OU=BT, CN=135.181.245.232/emailAddress=admin@bt.cn
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b4:31:6f:57:e0:c6:b6:f1:c5:de:13:f3:77:94:
                    39:3a:3f:b2:0c:ad:f3:af:ad:f4:ee:77:7b:cb:43:
                    a0:ad:b4:e3:7f:29:38:3c:dc:61:9b:48:8c:75:30:
                    66:2d:47:ef:ec:fe:dd:7e:a0:9a:af:0c:1f:f2:d6:
                    42:b5:63:7b:0c:34:e0:2e:3f:1e:37:4e:77:ce:36:
                    1b:a7:4c:09:9a:ab:84:84:5f:1e:84:7a:6a:3d:b2:
                    4e:4a:b0:7b:c8:d9:e9:8e:b3:21:09:47:c8:df:6d:
                    3f:43:69:70:12:bc:53:88:14:d0:9a:c3:fe:d5:f4:
                    4f:a6:d4:a3:53:1f:af:ea:c2:ae:9b:95:6f:34:aa:
                    25:2e:4f:3e:ab:d1:60:2e:46:b8:f2:1e:63:91:79:
                    6b:80:90:b8:16:67:07:26:cb:69:ac:a1:89:f2:50:
                    8a:3d:92:60:16:7d:33:11:75:cd:90:d7:18:20:c0:
                    76:38:7d:4a:30:c3:14:11:41:4c:ef:a2:dc:c0:6a:
                    a4:0b:fa:52:2e:3f:34:5d:29:45:6c:f0:e9:b6:b8:
                    01:87:f0:70:a3:cf:58:e3:14:c1:24:e5:0c:e7:78:
                    7e:23:07:ef:33:6f:21:2d:5d:c9:73:e0:4d:d2:d6:
                    c0:be:bc:45:b8:19:18:bf:06:87:24:c0:32:2e:6d:
                    b1:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                0A:0C:2D:53:C8:68:E2:AC:1B:5C:2F:AF:1E:07:A9:3E:B8:96:3D:B6
            X509v3 Authority Key Identifier: 
                0A:0C:2D:53:C8:68:E2:AC:1B:5C:2F:AF:1E:07:A9:3E:B8:96:3D:B6
            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        43:d4:36:3a:36:73:b9:f2:f6:4b:d7:57:60:c5:56:18:23:4d:
        b9:2b:08:50:e6:94:eb:e2:2f:b1:46:17:33:66:a8:57:2e:df:
        2a:9f:92:36:03:9b:46:75:c6:57:e9:3c:cf:c8:d8:90:04:b8:
        6d:b7:26:c3:df:bd:5c:12:f9:04:8a:5d:46:e9:6d:42:59:06:
        a1:65:fa:6b:28:64:83:06:77:9d:a2:4a:ac:2a:e9:da:cf:fc:
        45:8b:6d:76:c4:63:ef:c6:b0:0d:6c:19:a6:a3:c0:39:c9:ce:
        14:13:68:b8:32:40:54:86:c6:db:a3:89:71:24:c5:37:aa:6a:
        e5:58:d0:89:dd:91:0f:f3:d7:c6:e3:c8:f0:50:ae:30:4d:d0:
        11:f6:58:b0:66:e3:08:9f:4c:ac:4c:f9:aa:b7:d6:78:7d:19:
        de:21:b8:7f:a3:e5:55:31:73:2d:b4:48:7f:b0:2e:c1:8b:34:
        9e:43:fa:f6:f9:70:f4:7a:17:99:9b:38:d8:86:e7:14:6f:d5:
        18:cd:b6:44:23:8d:75:1d:ca:af:30:fc:f6:72:1d:56:4e:ae:
        76:c4:f7:dd:6b:aa:00:a8:f2:8e:ce:14:83:46:74:bc:8b:9d:
        21:5f:a1:6d:db:3f:ff:6c:32:3c:88:08:51:35:c0:0e:9a:74:
        dc:51:e2:b6

-708003874 | 2024-05-28T03:05:06.799174

25 / tcp

220 static.232.245.181.135.clients.your-server.de ESMTP Postfix
250-static.232.245.181.135.clients.your-server.de
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING

368625022 | 2024-05-27T19:23:53.047818

53 / tcp

Resolver ID: mail.greenspark.om

368625022 | 2024-05-28T02:37:22.489784

53 / udp

Resolver ID: mail.greenspark.om

-1225945184 | 2024-05-28T03:21:01.685358

80 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 May 2024 03:20:08 GMT
Content-Type: text/html
Content-Length: 1120
Last-Modified: Mon, 15 Nov 2021 05:58:01 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "6191f6e9-460"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes

1952082069 | 2024-05-27T18:25:21.419061

110 / tcp

+OK Dovecot ready.
+OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
AUTH-RESP-CODE
STLS
USER
SASL PLAIN LOGIN
.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b7:87:75:6c:f1:48:89:9c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
        Validity
            Not Before: Nov 15 05:09:42 2021 GMT
            Not After : Nov 15 05:09:42 2022 GMT
        Subject: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Modulus:
                    00:b0:f3:0e:9b:ef:82:76:be:00:c8:7e:c6:26:a0:
                    b8:04:3a:6b:70:80:40:93:d5:fe:9a:79:c7:0f:4c:
                    99:ce:c8:cf:e2:54:f4:83:a5:86:97:03:17:f0:fc:
                    ca:04:0c:8d:bc:76:f1:76:60:f7:a1:53:69:9a:86:
                    5e:41:2d:75:24:4e:d6:f7:75:2e:78:42:7c:31:21:
                    ec:5e:14:68:4a:43:46:02:c3:50:cf:ee:e4:9b:cf:
                    19:38:5c:f2:cc:26:8d:d0:e7:69:3f:83:3c:06:55:
                    42:80:99:f2:e4:07:cd:eb:eb:ee:81:4d:cc:7f:88:
                    87:03:ab:00:49:59:62:52:07:e2:d2:5a:91:72:fa:
                    5a:33:ef:d0:92:a8:44:dc:d9:b7:0e:98:9d:4a:da:
                    0c:b7:c6:6e:e7:99:0f:f3:5c:ca:70:77:5c:c3:d8:
                    3f:85:ba:f0:dd:61:47:84:3e:5f:7d:0a:b9:3e:62:
                    2a:f6:f0:a5:54:b0:65:f8:fa:96:34:d1:37:e3:ec:
                    20:fd:d0:0f:ea:a5:5e:d2:aa:01:08:fe:b0:18:45:
                    e4:aa:de:e1:10:43:e2:35:d5:39:e5:34:96:53:45:
                    86:46:80:cc:52:bd:03:2f:d8:20:5a:be:6f:66:93:
                    00:b2:fa:86:78:d1:7a:ae:70:73:bc:70:f0:2d:27:
                    d6:9c:d4:1b:64:c7:e6:ea:05:e5:a5:c0:e1:fa:0d:
                    62:f3:bd:e5:43:6c:d4:b6:dc:c2:e5:17:cb:fd:4c:
                    b7:7c:3f:a3:40:d5:cb:69:93:3a:66:aa:fe:02:bd:
                    b2:72:7f:cd:19:0f:f4:11:8f:33:dc:35:52:1c:da:
                    e1:b3:78:4a:88:0f:37:a4:69:c6:d7:bb:c4:0b:97:
                    50:a8:4c:19:14:27:af:25:1c:95:0b:a8:d3:78:67:
                    e0:82:f4:5f:51:dc:f3:5b:0a:1b:3c:86:8d:95:12:
                    63:3d:a9:26:b8:11:de:2f:6f:86:d3:e7:c2:3f:bb:
                    77:55:a1:3f:c7:b5:c8:27:3b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: 
                SSL Server
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        57:c1:0c:b0:40:96:b0:90:fc:65:61:1e:83:50:a5:63:ea:7e:
        3f:e0:5d:e3:d2:59:e7:84:d4:04:04:62:ee:26:b1:a0:d6:2b:
        74:67:5c:c2:d6:17:80:d0:70:1e:76:39:27:60:3a:08:9e:09:
        93:6b:d0:56:1a:1c:35:b3:24:5d:45:c4:0d:0e:1b:a3:0a:5c:
        66:ac:44:8f:8e:5a:ac:da:d4:21:ec:e9:bc:2e:bf:df:50:a2:
        b2:c5:38:b4:b4:3f:c2:90:ca:86:80:92:b4:e8:9d:3c:06:bd:
        7b:9b:9c:25:2a:11:65:63:e5:a1:fd:64:19:8c:a1:c0:e8:e3:
        f6:f5:d5:bb:cb:ab:6e:00:42:d6:45:08:54:fe:4e:fa:4f:da:
        59:5f:01:71:05:a4:44:e8:c5:27:31:8e:81:07:e6:a2:81:47:
        4a:bc:2f:bd:7a:f6:9f:37:25:81:dd:df:d9:b1:7e:3e:1f:e0:
        b3:c3:ae:bd:ed:65:25:5d:98:22:f6:89:3a:09:ff:c1:dc:2e:
        fb:bb:68:6e:15:dc:36:ab:33:15:6d:33:d6:b0:35:9d:53:89:
        39:4b:ee:7c:63:39:ee:72:48:76:28:94:5d:0a:e5:e9:24:5b:
        d5:7d:4a:c7:95:90:b4:6d:23:9a:8f:d3:17:ed:18:a6:42:5c:
        01:1d:bb:72:33:91:15:ae:3d:3d:21:6a:73:2b:45:5d:4e:2e:
        fb:71:01:5e:cb:43:c5:e3:c6:41:33:4d:94:c2:05:40:5c:ae:
        23:6d:82:2e:a3:55:45:cc:c2:c2:79:d8:26:45:18:88:8e:33:
        79:ef:c1:01:de:3b:1f:fb:3d:1e:19:bc:fd:7d:1c:08:6a:7c:
        1b:9a:b6:28:55:11:5b:62:ed:9f:d4:4b:8a:87:4d:60:44:d1:
        77:9f:be:b2:03:c2:a5:59:45:ab:9c:c3:ac:a4:60:70:92:f9:
        d4:2b:0b:d2:4f:b1:5e:b3:ea:84:8c:10:29:e9:2a:ae:b7:02:
        ca:2f:b1:d9:4c:77

-1267549069 | 2024-05-28T01:41:52.878279

143 / tcp

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN
A001 OK Pre-login capabilities listed, post-login capabilities have more.
* ID ("name" "Dovecot")
A002 OK ID completed.
A003 BAD Error in IMAP command received by server.
* BYE Logging out
A004 OK Logout completed.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b7:87:75:6c:f1:48:89:9c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
        Validity
            Not Before: Nov 15 05:09:42 2021 GMT
            Not After : Nov 15 05:09:42 2022 GMT
        Subject: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Modulus:
                    00:b0:f3:0e:9b:ef:82:76:be:00:c8:7e:c6:26:a0:
                    b8:04:3a:6b:70:80:40:93:d5:fe:9a:79:c7:0f:4c:
                    99:ce:c8:cf:e2:54:f4:83:a5:86:97:03:17:f0:fc:
                    ca:04:0c:8d:bc:76:f1:76:60:f7:a1:53:69:9a:86:
                    5e:41:2d:75:24:4e:d6:f7:75:2e:78:42:7c:31:21:
                    ec:5e:14:68:4a:43:46:02:c3:50:cf:ee:e4:9b:cf:
                    19:38:5c:f2:cc:26:8d:d0:e7:69:3f:83:3c:06:55:
                    42:80:99:f2:e4:07:cd:eb:eb:ee:81:4d:cc:7f:88:
                    87:03:ab:00:49:59:62:52:07:e2:d2:5a:91:72:fa:
                    5a:33:ef:d0:92:a8:44:dc:d9:b7:0e:98:9d:4a:da:
                    0c:b7:c6:6e:e7:99:0f:f3:5c:ca:70:77:5c:c3:d8:
                    3f:85:ba:f0:dd:61:47:84:3e:5f:7d:0a:b9:3e:62:
                    2a:f6:f0:a5:54:b0:65:f8:fa:96:34:d1:37:e3:ec:
                    20:fd:d0:0f:ea:a5:5e:d2:aa:01:08:fe:b0:18:45:
                    e4:aa:de:e1:10:43:e2:35:d5:39:e5:34:96:53:45:
                    86:46:80:cc:52:bd:03:2f:d8:20:5a:be:6f:66:93:
                    00:b2:fa:86:78:d1:7a:ae:70:73:bc:70:f0:2d:27:
                    d6:9c:d4:1b:64:c7:e6:ea:05:e5:a5:c0:e1:fa:0d:
                    62:f3:bd:e5:43:6c:d4:b6:dc:c2:e5:17:cb:fd:4c:
                    b7:7c:3f:a3:40:d5:cb:69:93:3a:66:aa:fe:02:bd:
                    b2:72:7f:cd:19:0f:f4:11:8f:33:dc:35:52:1c:da:
                    e1:b3:78:4a:88:0f:37:a4:69:c6:d7:bb:c4:0b:97:
                    50:a8:4c:19:14:27:af:25:1c:95:0b:a8:d3:78:67:
                    e0:82:f4:5f:51:dc:f3:5b:0a:1b:3c:86:8d:95:12:
                    63:3d:a9:26:b8:11:de:2f:6f:86:d3:e7:c2:3f:bb:
                    77:55:a1:3f:c7:b5:c8:27:3b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: 
                SSL Server
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        57:c1:0c:b0:40:96:b0:90:fc:65:61:1e:83:50:a5:63:ea:7e:
        3f:e0:5d:e3:d2:59:e7:84:d4:04:04:62:ee:26:b1:a0:d6:2b:
        74:67:5c:c2:d6:17:80:d0:70:1e:76:39:27:60:3a:08:9e:09:
        93:6b:d0:56:1a:1c:35:b3:24:5d:45:c4:0d:0e:1b:a3:0a:5c:
        66:ac:44:8f:8e:5a:ac:da:d4:21:ec:e9:bc:2e:bf:df:50:a2:
        b2:c5:38:b4:b4:3f:c2:90:ca:86:80:92:b4:e8:9d:3c:06:bd:
        7b:9b:9c:25:2a:11:65:63:e5:a1:fd:64:19:8c:a1:c0:e8:e3:
        f6:f5:d5:bb:cb:ab:6e:00:42:d6:45:08:54:fe:4e:fa:4f:da:
        59:5f:01:71:05:a4:44:e8:c5:27:31:8e:81:07:e6:a2:81:47:
        4a:bc:2f:bd:7a:f6:9f:37:25:81:dd:df:d9:b1:7e:3e:1f:e0:
        b3:c3:ae:bd:ed:65:25:5d:98:22:f6:89:3a:09:ff:c1:dc:2e:
        fb:bb:68:6e:15:dc:36:ab:33:15:6d:33:d6:b0:35:9d:53:89:
        39:4b:ee:7c:63:39:ee:72:48:76:28:94:5d:0a:e5:e9:24:5b:
        d5:7d:4a:c7:95:90:b4:6d:23:9a:8f:d3:17:ed:18:a6:42:5c:
        01:1d:bb:72:33:91:15:ae:3d:3d:21:6a:73:2b:45:5d:4e:2e:
        fb:71:01:5e:cb:43:c5:e3:c6:41:33:4d:94:c2:05:40:5c:ae:
        23:6d:82:2e:a3:55:45:cc:c2:c2:79:d8:26:45:18:88:8e:33:
        79:ef:c1:01:de:3b:1f:fb:3d:1e:19:bc:fd:7d:1c:08:6a:7c:
        1b:9a:b6:28:55:11:5b:62:ed:9f:d4:4b:8a:87:4d:60:44:d1:
        77:9f:be:b2:03:c2:a5:59:45:ab:9c:c3:ac:a4:60:70:92:f9:
        d4:2b:0b:d2:4f:b1:5e:b3:ea:84:8c:10:29:e9:2a:ae:b7:02:
        ca:2f:b1:d9:4c:77

-1225945184 | 2024-05-27T17:04:59.536981

443 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 May 2024 17:04:07 GMT
Content-Type: text/html
Content-Length: 1120
Last-Modified: Mon, 15 Nov 2021 05:58:01 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "6191f6e9-460"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:28:8d:2a:14:86:1e:ef:f1:83:8f:ec:89:1e:d2:69:8d:d4
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: May  6 19:40:24 2024 GMT
            Not After : Aug  4 19:40:23 2024 GMT
        Subject: CN=panel.isvip.ir
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ed:46:32:b7:12:0a:9c:72:0e:4d:69:e1:aa:fe:
                    90:b6:f2:c0:43:09:1f:29:b1:d8:92:83:88:a3:93:
                    e2:a0:ec:69:82:ce:de:05:62:81:85:6c:9d:4a:73:
                    52:0b:7c:d2:26:6c:8f:88:59:0e:27:59:38:b3:e0:
                    bd:d5:83:65:8d:44:82:c8:41:05:f3:b1:7b:16:88:
                    d0:71:41:ec:30:ac:bf:7b:9a:92:b4:2f:a3:e3:32:
                    a8:45:26:fb:91:7a:04:98:86:af:06:c3:4c:e9:aa:
                    f7:22:71:59:75:97:ab:40:b7:da:fb:67:f4:61:f6:
                    51:ba:1e:9b:1b:f4:ac:bc:67:9e:cb:8b:32:3e:99:
                    20:eb:79:dc:04:ca:34:7e:f5:16:23:d3:60:27:d1:
                    94:c7:a5:04:36:ae:b7:f9:5d:84:fd:7e:2b:0e:dc:
                    a0:65:f3:45:0f:0b:4d:52:06:53:92:22:26:6d:29:
                    df:7b:d5:36:cc:86:bb:83:3c:b3:6e:1c:90:94:cd:
                    e6:fb:35:51:ef:7f:ae:12:fc:0d:9f:e4:d4:65:30:
                    7b:ee:84:ab:8e:e2:35:04:24:48:ef:09:3e:08:0f:
                    8f:85:e0:34:30:c6:43:08:9f:42:c5:8d:d6:45:33:
                    75:1e:74:57:ec:01:0b:f4:dc:ea:d9:19:dd:52:c2:
                    2f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                D8:4A:61:74:D7:F0:86:43:22:A0:D5:EF:2C:B8:28:F3:16:92:06:52
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:panel.isvip.ir
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 19:98:10:71:09:F0:D6:52:2E:30:80:D2:9E:3F:64:BB:
                                83:6E:28:CC:F9:0F:52:8E:EE:DF:CE:4A:3F:16:B4:CA
                    Timestamp : May  6 20:40:24.799 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:7E:DD:47:D7:60:00:4C:25:FE:7E:79:E8:
                                12:21:50:15:52:54:06:60:33:AC:BF:08:11:B7:B2:23:
                                5D:B7:CB:AB:02:20:2A:3D:10:A7:CF:BC:A2:8A:2D:79:
                                5E:F4:20:4D:BF:72:7D:D7:A0:22:2B:38:28:99:BF:F1:
                                B7:DF:B7:ED:83:C1
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : May  6 20:40:24.856 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:CE:EE:5F:AB:C0:CF:47:4C:CD:47:DD:
                                81:4C:45:D3:A1:0B:20:F4:B8:9D:39:31:43:9C:87:10:
                                BF:BD:28:80:19:02:20:7A:28:9E:CD:7D:DB:26:56:44:
                                FE:58:46:97:0E:20:47:A3:CB:A7:25:A6:BA:B6:53:B2:
                                EB:50:28:37:75:26:94
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        70:c5:da:82:fd:20:2f:e3:47:d3:13:11:03:d8:81:f9:8b:b6:
        e7:be:d6:d5:69:24:0f:32:0f:73:8b:16:ec:23:bf:11:b4:10:
        c1:52:75:c2:5c:6c:40:35:b2:17:66:d3:52:eb:c3:0f:52:2d:
        a3:a5:8d:55:30:19:14:d7:bd:4d:ba:73:c9:89:bb:9c:57:0d:
        1d:24:fb:1e:28:ab:8b:f6:01:ff:b5:70:6f:5f:c5:df:af:2c:
        ba:e8:67:cc:8f:5d:5a:e0:e5:6b:08:bb:a6:0c:7b:ff:f5:77:
        d1:80:67:21:1e:e9:9d:37:8b:3c:53:aa:2e:f6:53:67:8d:f7:
        93:79:2b:04:e8:80:11:60:cf:85:3c:8c:dd:9d:b7:c4:4e:28:
        bc:be:6a:91:e6:43:dc:75:05:d0:16:30:29:81:38:f1:55:18:
        47:48:22:49:8d:94:cd:9a:4d:67:20:e6:9e:55:41:1f:13:aa:
        49:67:66:d2:d7:c0:5c:e2:09:09:2d:9b:a2:55:8e:9e:e8:69:
        41:f6:94:33:1a:05:94:ef:c7:30:b6:f4:ef:b5:09:d4:47:70:
        fc:c5:d2:01:48:70:f5:0b:a5:4d:81:fb:b2:53:4b:ce:96:c3:
        a7:45:49:8b:bf:da:28:b9:7c:85:1c:8e:34:2b:a3:1d:c6:cb:
        b8:09:56:a9

1125707720 | 2024-05-28T02:37:21.730088

465 / tcp

220 static.232.245.181.135.clients.your-server.de ESMTP Postfix\r\n

-1618548442 | 2024-05-27T22:21:40.692423

587 / tcp

220 static.232.245.181.135.clients.your-server.de ESMTP Postfix
250-static.232.245.181.135.clients.your-server.de
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING

1520541986 | 2024-05-27T23:09:05.263948

993 / tcp

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN
A001 OK Pre-login capabilities listed, post-login capabilities have more.
* ID ("name" "Dovecot")
A002 OK ID completed.
A003 BAD Error in IMAP command received by server.
* BYE Logging out
A004 OK Logout completed.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b7:87:75:6c:f1:48:89:9c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
        Validity
            Not Before: Nov 15 05:09:42 2021 GMT
            Not After : Nov 15 05:09:42 2022 GMT
        Subject: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Modulus:
                    00:b0:f3:0e:9b:ef:82:76:be:00:c8:7e:c6:26:a0:
                    b8:04:3a:6b:70:80:40:93:d5:fe:9a:79:c7:0f:4c:
                    99:ce:c8:cf:e2:54:f4:83:a5:86:97:03:17:f0:fc:
                    ca:04:0c:8d:bc:76:f1:76:60:f7:a1:53:69:9a:86:
                    5e:41:2d:75:24:4e:d6:f7:75:2e:78:42:7c:31:21:
                    ec:5e:14:68:4a:43:46:02:c3:50:cf:ee:e4:9b:cf:
                    19:38:5c:f2:cc:26:8d:d0:e7:69:3f:83:3c:06:55:
                    42:80:99:f2:e4:07:cd:eb:eb:ee:81:4d:cc:7f:88:
                    87:03:ab:00:49:59:62:52:07:e2:d2:5a:91:72:fa:
                    5a:33:ef:d0:92:a8:44:dc:d9:b7:0e:98:9d:4a:da:
                    0c:b7:c6:6e:e7:99:0f:f3:5c:ca:70:77:5c:c3:d8:
                    3f:85:ba:f0:dd:61:47:84:3e:5f:7d:0a:b9:3e:62:
                    2a:f6:f0:a5:54:b0:65:f8:fa:96:34:d1:37:e3:ec:
                    20:fd:d0:0f:ea:a5:5e:d2:aa:01:08:fe:b0:18:45:
                    e4:aa:de:e1:10:43:e2:35:d5:39:e5:34:96:53:45:
                    86:46:80:cc:52:bd:03:2f:d8:20:5a:be:6f:66:93:
                    00:b2:fa:86:78:d1:7a:ae:70:73:bc:70:f0:2d:27:
                    d6:9c:d4:1b:64:c7:e6:ea:05:e5:a5:c0:e1:fa:0d:
                    62:f3:bd:e5:43:6c:d4:b6:dc:c2:e5:17:cb:fd:4c:
                    b7:7c:3f:a3:40:d5:cb:69:93:3a:66:aa:fe:02:bd:
                    b2:72:7f:cd:19:0f:f4:11:8f:33:dc:35:52:1c:da:
                    e1:b3:78:4a:88:0f:37:a4:69:c6:d7:bb:c4:0b:97:
                    50:a8:4c:19:14:27:af:25:1c:95:0b:a8:d3:78:67:
                    e0:82:f4:5f:51:dc:f3:5b:0a:1b:3c:86:8d:95:12:
                    63:3d:a9:26:b8:11:de:2f:6f:86:d3:e7:c2:3f:bb:
                    77:55:a1:3f:c7:b5:c8:27:3b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: 
                SSL Server
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        57:c1:0c:b0:40:96:b0:90:fc:65:61:1e:83:50:a5:63:ea:7e:
        3f:e0:5d:e3:d2:59:e7:84:d4:04:04:62:ee:26:b1:a0:d6:2b:
        74:67:5c:c2:d6:17:80:d0:70:1e:76:39:27:60:3a:08:9e:09:
        93:6b:d0:56:1a:1c:35:b3:24:5d:45:c4:0d:0e:1b:a3:0a:5c:
        66:ac:44:8f:8e:5a:ac:da:d4:21:ec:e9:bc:2e:bf:df:50:a2:
        b2:c5:38:b4:b4:3f:c2:90:ca:86:80:92:b4:e8:9d:3c:06:bd:
        7b:9b:9c:25:2a:11:65:63:e5:a1:fd:64:19:8c:a1:c0:e8:e3:
        f6:f5:d5:bb:cb:ab:6e:00:42:d6:45:08:54:fe:4e:fa:4f:da:
        59:5f:01:71:05:a4:44:e8:c5:27:31:8e:81:07:e6:a2:81:47:
        4a:bc:2f:bd:7a:f6:9f:37:25:81:dd:df:d9:b1:7e:3e:1f:e0:
        b3:c3:ae:bd:ed:65:25:5d:98:22:f6:89:3a:09:ff:c1:dc:2e:
        fb:bb:68:6e:15:dc:36:ab:33:15:6d:33:d6:b0:35:9d:53:89:
        39:4b:ee:7c:63:39:ee:72:48:76:28:94:5d:0a:e5:e9:24:5b:
        d5:7d:4a:c7:95:90:b4:6d:23:9a:8f:d3:17:ed:18:a6:42:5c:
        01:1d:bb:72:33:91:15:ae:3d:3d:21:6a:73:2b:45:5d:4e:2e:
        fb:71:01:5e:cb:43:c5:e3:c6:41:33:4d:94:c2:05:40:5c:ae:
        23:6d:82:2e:a3:55:45:cc:c2:c2:79:d8:26:45:18:88:8e:33:
        79:ef:c1:01:de:3b:1f:fb:3d:1e:19:bc:fd:7d:1c:08:6a:7c:
        1b:9a:b6:28:55:11:5b:62:ed:9f:d4:4b:8a:87:4d:60:44:d1:
        77:9f:be:b2:03:c2:a5:59:45:ab:9c:c3:ac:a4:60:70:92:f9:
        d4:2b:0b:d2:4f:b1:5e:b3:ea:84:8c:10:29:e9:2a:ae:b7:02:
        ca:2f:b1:d9:4c:77

-1001764030 | 2024-05-28T03:44:26.494833

995 / tcp

+OK Dovecot ready.
+OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
AUTH-RESP-CODE
USER
SASL PLAIN LOGIN
.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b7:87:75:6c:f1:48:89:9c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
        Validity
            Not Before: Nov 15 05:09:42 2021 GMT
            Not After : Nov 15 05:09:42 2022 GMT
        Subject: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Modulus:
                    00:b0:f3:0e:9b:ef:82:76:be:00:c8:7e:c6:26:a0:
                    b8:04:3a:6b:70:80:40:93:d5:fe:9a:79:c7:0f:4c:
                    99:ce:c8:cf:e2:54:f4:83:a5:86:97:03:17:f0:fc:
                    ca:04:0c:8d:bc:76:f1:76:60:f7:a1:53:69:9a:86:
                    5e:41:2d:75:24:4e:d6:f7:75:2e:78:42:7c:31:21:
                    ec:5e:14:68:4a:43:46:02:c3:50:cf:ee:e4:9b:cf:
                    19:38:5c:f2:cc:26:8d:d0:e7:69:3f:83:3c:06:55:
                    42:80:99:f2:e4:07:cd:eb:eb:ee:81:4d:cc:7f:88:
                    87:03:ab:00:49:59:62:52:07:e2:d2:5a:91:72:fa:
                    5a:33:ef:d0:92:a8:44:dc:d9:b7:0e:98:9d:4a:da:
                    0c:b7:c6:6e:e7:99:0f:f3:5c:ca:70:77:5c:c3:d8:
                    3f:85:ba:f0:dd:61:47:84:3e:5f:7d:0a:b9:3e:62:
                    2a:f6:f0:a5:54:b0:65:f8:fa:96:34:d1:37:e3:ec:
                    20:fd:d0:0f:ea:a5:5e:d2:aa:01:08:fe:b0:18:45:
                    e4:aa:de:e1:10:43:e2:35:d5:39:e5:34:96:53:45:
                    86:46:80:cc:52:bd:03:2f:d8:20:5a:be:6f:66:93:
                    00:b2:fa:86:78:d1:7a:ae:70:73:bc:70:f0:2d:27:
                    d6:9c:d4:1b:64:c7:e6:ea:05:e5:a5:c0:e1:fa:0d:
                    62:f3:bd:e5:43:6c:d4:b6:dc:c2:e5:17:cb:fd:4c:
                    b7:7c:3f:a3:40:d5:cb:69:93:3a:66:aa:fe:02:bd:
                    b2:72:7f:cd:19:0f:f4:11:8f:33:dc:35:52:1c:da:
                    e1:b3:78:4a:88:0f:37:a4:69:c6:d7:bb:c4:0b:97:
                    50:a8:4c:19:14:27:af:25:1c:95:0b:a8:d3:78:67:
                    e0:82:f4:5f:51:dc:f3:5b:0a:1b:3c:86:8d:95:12:
                    63:3d:a9:26:b8:11:de:2f:6f:86:d3:e7:c2:3f:bb:
                    77:55:a1:3f:c7:b5:c8:27:3b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: 
                SSL Server
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        57:c1:0c:b0:40:96:b0:90:fc:65:61:1e:83:50:a5:63:ea:7e:
        3f:e0:5d:e3:d2:59:e7:84:d4:04:04:62:ee:26:b1:a0:d6:2b:
        74:67:5c:c2:d6:17:80:d0:70:1e:76:39:27:60:3a:08:9e:09:
        93:6b:d0:56:1a:1c:35:b3:24:5d:45:c4:0d:0e:1b:a3:0a:5c:
        66:ac:44:8f:8e:5a:ac:da:d4:21:ec:e9:bc:2e:bf:df:50:a2:
        b2:c5:38:b4:b4:3f:c2:90:ca:86:80:92:b4:e8:9d:3c:06:bd:
        7b:9b:9c:25:2a:11:65:63:e5:a1:fd:64:19:8c:a1:c0:e8:e3:
        f6:f5:d5:bb:cb:ab:6e:00:42:d6:45:08:54:fe:4e:fa:4f:da:
        59:5f:01:71:05:a4:44:e8:c5:27:31:8e:81:07:e6:a2:81:47:
        4a:bc:2f:bd:7a:f6:9f:37:25:81:dd:df:d9:b1:7e:3e:1f:e0:
        b3:c3:ae:bd:ed:65:25:5d:98:22:f6:89:3a:09:ff:c1:dc:2e:
        fb:bb:68:6e:15:dc:36:ab:33:15:6d:33:d6:b0:35:9d:53:89:
        39:4b:ee:7c:63:39:ee:72:48:76:28:94:5d:0a:e5:e9:24:5b:
        d5:7d:4a:c7:95:90:b4:6d:23:9a:8f:d3:17:ed:18:a6:42:5c:
        01:1d:bb:72:33:91:15:ae:3d:3d:21:6a:73:2b:45:5d:4e:2e:
        fb:71:01:5e:cb:43:c5:e3:c6:41:33:4d:94:c2:05:40:5c:ae:
        23:6d:82:2e:a3:55:45:cc:c2:c2:79:d8:26:45:18:88:8e:33:
        79:ef:c1:01:de:3b:1f:fb:3d:1e:19:bc:fd:7d:1c:08:6a:7c:
        1b:9a:b6:28:55:11:5b:62:ed:9f:d4:4b:8a:87:4d:60:44:d1:
        77:9f:be:b2:03:c2:a5:59:45:ab:9c:c3:ac:a4:60:70:92:f9:
        d4:2b:0b:d2:4f:b1:5e:b3:ea:84:8c:10:29:e9:2a:ae:b7:02:
        ca:2f:b1:d9:4c:77

1919657533 | 2024-05-27T20:59:52.653737

3000 / tcp

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Date: Mon, 27 May 2024 20:59:00 GMT
Transfer-Encoding: chunked

-2101243320 | 2024-05-28T01:53:00.954287

3001 / tcp

HTTP/1.1 302 Found
X-Frame-Options: SAMEORIGIN
Location: /dashboard
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 32
Date: Tue, 28 May 2024 01:52:08 GMT
Connection: keep-alive
Keep-Alive: timeout=5

Found. Redirecting to /dashboard

-321522258 | 2024-05-28T02:56:31.698052

3306 / tcp

MariaDB:
  Protocol Version: 10
  Version: 10.4.19-MariaDB-log
  Capabilities: 63486
  Server Language: 45
  Server Status: 2
  Extended Server Capabilities: 33279
  Authentication Plugin: mysql_native_password

-51166897 | 2024-05-28T03:48:28.401740

5432 / tcp

PostgreSQL
FATAL:  no pg_hba.conf entry for host "224.209.221.75", user "postgres", database "template0", no encryption

574130828 | 2024-05-28T01:05:35.241049

8000 / tcp

HTTP/1.1 404 Not Found
Date: Tue, 28 May 2024 01:04:42 GMT
Content-Length: 9
Content-Type: text/plain; charset=utf-8

-1904612995 | 2024-05-27T19:31:18.357162

8080 / tcp

HTTP/1.1 200 OK
Date: Mon, 27 May 2024 19:30:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked

-138144284 | 2024-05-28T01:00:47.621130

8181 / tcp

HTTP/1.0 200 OK
Date: Tue, 28 May 2024 00:59:54 GMT
Server: Apache/2.4.51 (Debian)
X-Powered-By: PHP/7.4.26
Expires: Mon, 20 Dec 1998 01:00:00 GMT
Last-Modified: Tue, 28 May 2024 00:59:54 GMT
Cache-Control: max-age=0, private, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=kc3c1fe1eken9t0d0l2n6gm48r; path=/
Cache-Control: no-cache, private
Vary: Accept-Encoding
Content-Length: 5089
Connection: close
Content-Type: text/html; charset=UTF-8

<!doctype html>
<html lang="en" dir="ltr" class="ltr">

<head>
	<meta charset="utf-8">
	<title>SERVER MONITOR</title>
	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
	<meta name="description" content="PHP Server Monitor - ">
	<meta name="robots" content="noindex" />
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
	<link rel="manifest" href="manifest.json">
	<meta name="apple-mobile-web-app-capable" content="yes">
	<meta name="apple-mobile-web-app-status-bar-style" content="black">
	<meta name="apple-mobile-web-app-title" content="PSM">
	<link rel="apple-touch-icon" href="phpservermon.png">
	<meta name="msapplication-TileImage" content="phpservermon.png">
	<meta name="msapplication-TileColor" content="#424242">
	<!-- TODO add base url -->
  	<!-- <link rel="canonical" href=""> -->
	<meta name="theme-color" content="#424242">
	<link rel="icon" type="image/x-icon" href="favicon.ico" />
	<link rel="icon" type="image/png" href="favicon.png" />
	<link rel="apple-touch-icon" href="favicon.png" />
	<link href="src/templates/default/static/css/bootstrap.min.css" rel="stylesheet">
	<link href="src/templates/default/static/plugin/bootstrap-select/dist/css/bootstrap-select.min.css" rel="stylesheet">
	<link href="src/templates/default/static/css/style.min.css" rel="stylesheet">
	<!--[if lt IE 9]>
    	<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
	<![endif]-->
</head>

<body>
	<nav class="navbar fixed-top navbar-expand-lg navbar-dark bg-dark">
		<a class="navbar-brand" href="index.php">SERVER MONITOR</a>
		<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbar" aria-controls="navbar"
		 aria-expanded="false" aria-label="Toggle navigation">
			<span class="navbar-toggler-icon"></span>
		</button>

		<div class="collapse navbar-collapse" id="navbar">
			
		</div>
	</nav>
	
	<main role="main" class="container">
		<noscript>
			<div class="alert alert-danger" role="alert">
				<b>Javascript is disabled!</b> PHP Server Monitor works best with JavaScript enabled!
			</div>
		</noscript>
				<div class="container"></div>
				<div class="container">
			<div class="row"></div>
			<div class="row" id="content"><form class="form-signin text-center" method="POST">
      <input type="hidden" name="csrf" value="de1dd7209e83c0b742c3c317d21c5a38236f8b97de3c4a5e44326e38b13b2c9f" />

  <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
  <label for="input-username" class="sr-only">Username</label>
  <input type="text" name="user_name" id="input-username" class="form-control" value="" placeholder="Username" required autofocus>
  <label for="input-password" class="sr-only">Password</label>
  <input type="password" id="input-password" name="user_password" class="form-control" placeholder="Password" required>
  <input type="hidden" name="action" value="login">
  <div class="custom-control custom-checkbox my-1 mr-sm-2">
    <input type="checkbox" name="user_rememberme" value="1" class="custom-control-input" id="input-rememberme" >
    <label class="custom-control-label" for="input-rememberme">Remember me</label>
  </div>
  <button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
  <a class="btn" href="?action=forgot">Forgot password?</a>
</form></div>
		</div>
	</main>
			<footer class="footer" role="contentinfo">
		<div class="container">
			<span class="text-muted">
				Powered by
				<a href="https://github.com/phpservermon/phpservermon/" target="_blank" rel="noopener">
					PHP Server Monitor v3.5.2.
				</a><span style="color:red;"></span><a href="#" class="float-right">Back to top</a>
			</span>
		</div>
	</footer>
			<script src="src/templates/default/static/plugin/jquery/jquery-3.5.1.min.js"></script>
	<script src="src/templates/default/static/plugin/popper.js/popper.min.js"></script>
	<script src="src/templates/default/static/plugin/bootstrap/js/dist/index.js"></script>
	<script src="src/templates/default/static/plugin/bootstrap/js/dist/util.js"></script>
	<script src="src/templates/default/static/plugin/bootstrap/js/dist/tab.js"></script>
	<script src="src/templates/default/static/plugin/bootstrap/js/dist/dropdown.js"></script>
	<script src="src/templates/default/static/plugin/bootstrap/js/dist/collapse.js"></script>
	<script src="src/templates/default/static/plugin/bootstrap/js/dist/button.js"></script>
	<script src="src/templates/default/static/plugin/bootstrap/js/dist/alert.js"></script>
		<script type="text/javascript" src="src/templates/default/static/plugin/bootstrap-select/dist/js/bootstrap-select.min.js"></script>
	<script type="text/javascript" src

-1670414542 | 2024-05-27T22:33:16.442163

9000 / tcp

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 23180
Content-Type: text/html; charset=utf-8
Last-Modified: Thu, 26 Aug 2021 22:17:01 GMT
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Date: Mon, 27 May 2024 22:32:24 GMT

1531194918 | 2024-05-28T01:31:08.852631

9090 / tcp

HTTP/1.1 200 OK
Date: Tue, 28 May 2024 01:30:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked

1871155516 | 2024-05-27T22:51:22.341759

9100 / tcp

HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request
Prometheus Node Exporter:
  node_exporter_build_info:
    branch: HEAD
    goversion: go1.16.7
    revision: 26645363b486e12be40af7ce4fc91e731a33104e
    version: 1.2.2
  node_uname_info:
    domainname: (none)
    machine: x86_64
    nodename: mail.greenspark.om
    release: 3.10.0-1160.102.1.el7.x86_64
    sysname: Linux
    version: #1 SMP Tue Oct 17 15:42:21 UTC 2023
  node_network_info:
    veth89ba488:
      address: 86:ed:e5:4c:a8:3a
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth89ba488
      duplex: full
      operstate: up
    veth0b341f8:
      address: e6:48:d3:3a:a9:3c
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth0b341f8
      duplex: full
      operstate: up
    br-fd4481a82f93:
      address: 02:42:e5:c1:55:94
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-fd4481a82f93
      operstate: up
    br-a2336f8c027f:
      address: 02:42:15:f2:d0:61
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-a2336f8c027f
      operstate: up
    docker0:
      address: 02:42:bc:e4:f0:ca
      broadcast: ff:ff:ff:ff:ff:ff
      device: docker0
      operstate: up
    br-5905ef2095da:
      address: 02:42:d7:fd:91:7c
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-5905ef2095da
      operstate: up
    lo:
      address: 00:00:00:00:00:00
      broadcast: 00:00:00:00:00:00
      device: lo
      operstate: unknown
    vethbf28375:
      address: a6:a7:74:dc:c1:1a
      broadcast: ff:ff:ff:ff:ff:ff
      device: vethbf28375
      duplex: full
      operstate: up
    veth04ad272:
      address: 52:28:d6:75:c4:f8
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth04ad272
      duplex: full
      operstate: up
    veth41749ed:
      address: be:77:5d:f0:d2:37
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth41749ed
      duplex: full
      operstate: up
    br-72901dda6aea:
      address: 02:42:61:0f:96:a2
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-72901dda6aea
      operstate: down
    br-b89f0955c258:
      address: 02:42:1c:a4:cc:67
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-b89f0955c258
      operstate: down
    br-48f37eab7b02:
      address: 02:42:72:cb:9d:a3
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-48f37eab7b02
      operstate: up
    vethc471e75:
      address: 2a:3d:00:e1:2c:a3
      broadcast: ff:ff:ff:ff:ff:ff
      device: vethc471e75
      duplex: full
      operstate: up
    veth3d04fce:
      address: 76:21:20:d2:c7:fe
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth3d04fce
      duplex: full
      operstate: up
    veth4e57ade:
      address: 96:fe:97:26:57:59
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth4e57ade
      duplex: full
      operstate: up
    veth02bb9c7:
      address: c2:d7:e2:8b:6a:e1
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth02bb9c7
      duplex: full
      operstate: up
    eth0:
      address: 00:16:3c:01:8d:4e
      broadcast: ff:ff:ff:ff:ff:ff
      device: eth0
      operstate: up

MAC Addresses

00:16:3C:01:8D:4E
    OUI: 00:16:3C
    Organization: Rebox B.V.
    Assignment: MA-L
    Registration Date: 2005-10-29

135.181.245.232

Last Seen: 2024-05-28

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1536493902 | 2024-05-27T23:51:47.057648 21 / tcp

-708003874 | 2024-05-28T03:05:06.799174 25 / tcp

368625022 | 2024-05-27T19:23:53.047818 53 / tcp

368625022 | 2024-05-28T02:37:22.489784 53 / udp

-1225945184 | 2024-05-28T03:21:01.685358 80 / tcp

1952082069 | 2024-05-27T18:25:21.419061 110 / tcp

-1267549069 | 2024-05-28T01:41:52.878279 143 / tcp

-1225945184 | 2024-05-27T17:04:59.536981 443 / tcp

1125707720 | 2024-05-28T02:37:21.730088 465 / tcp

-1618548442 | 2024-05-27T22:21:40.692423 587 / tcp

1520541986 | 2024-05-27T23:09:05.263948 993 / tcp

-1001764030 | 2024-05-28T03:44:26.494833 995 / tcp

1919657533 | 2024-05-27T20:59:52.653737 3000 / tcp

-2101243320 | 2024-05-28T01:53:00.954287 3001 / tcp

-321522258 | 2024-05-28T02:56:31.698052 3306 / tcp

-51166897 | 2024-05-28T03:48:28.401740 5432 / tcp

574130828 | 2024-05-28T01:05:35.241049 8000 / tcp

-1904612995 | 2024-05-27T19:31:18.357162 8080 / tcp

-138144284 | 2024-05-28T01:00:47.621130 8181 / tcp

-1670414542 | 2024-05-27T22:33:16.442163 9000 / tcp

1531194918 | 2024-05-28T01:31:08.852631 9090 / tcp

1871155516 | 2024-05-27T22:51:22.341759 9100 / tcp

Products

Pricing

Contact Us

-1536493902 | 2024-05-27T23:51:47.057648
21 / tcp

-708003874 | 2024-05-28T03:05:06.799174
25 / tcp

368625022 | 2024-05-27T19:23:53.047818
53 / tcp

368625022 | 2024-05-28T02:37:22.489784
53 / udp

-1225945184 | 2024-05-28T03:21:01.685358
80 / tcp

1952082069 | 2024-05-27T18:25:21.419061
110 / tcp

-1267549069 | 2024-05-28T01:41:52.878279
143 / tcp

-1225945184 | 2024-05-27T17:04:59.536981
443 / tcp

1125707720 | 2024-05-28T02:37:21.730088
465 / tcp

-1618548442 | 2024-05-27T22:21:40.692423
587 / tcp

1520541986 | 2024-05-27T23:09:05.263948
993 / tcp

-1001764030 | 2024-05-28T03:44:26.494833
995 / tcp

1919657533 | 2024-05-27T20:59:52.653737
3000 / tcp

-2101243320 | 2024-05-28T01:53:00.954287
3001 / tcp

-321522258 | 2024-05-28T02:56:31.698052
3306 / tcp

-51166897 | 2024-05-28T03:48:28.401740
5432 / tcp

574130828 | 2024-05-28T01:05:35.241049
8000 / tcp

-1904612995 | 2024-05-27T19:31:18.357162
8080 / tcp

-138144284 | 2024-05-28T01:00:47.621130
8181 / tcp

-1670414542 | 2024-05-27T22:33:16.442163
9000 / tcp

1531194918 | 2024-05-28T01:31:08.852631
9090 / tcp

1871155516 | 2024-05-27T22:51:22.341759
9100 / tcp